Use Our Offense to Inform Your Defense
IP telephony security assessments help an organization gain an understanding of the risks posed to the confidentiality, integrity, and availability of their voice communication systems. This includes hardware phones, software phones and messaging clients, VoIP servers and infrastructure, signaling and media traffic, and federated systems.
Whether a high-level overview or a thorough, in-depth review is desired, DISD works with your staff to produce prioritized findings, recommendations, and remediation or mitigation steps to fit your organization's profile.
DISD performs IP telephony security assessments according to a well-developed and refined methodology, in order to provide thorough, accurate, and reproducible results. IP telephony testing typically begins with identification of client, server, and infrastructure components and technologies – using naming directory services, search engine queries, visual inspection, phone calls, and network scans. Traffic sniffing and analysis is used to identify unencrypted signaling and media traffic, as well as authentication exchanges. Various techniques to enumerate valid usernames are used, and both online and offline authentication guessing attacks are undertaken. DISD assesses management interfaces, protocols, and accessibility to infrastructure components, as well as VoIP network architecture and configuration settings. Consultants identify security protections and defensive measures, and formulate evasions. Automated software is used to efficiently identify known software vulnerabilities and mis-configurations. Consultants conduct various spoofing and man-in-the-middle attacks, depending on the signaling and media protocols in use. For IP phone systems isolated using VLAN or similar network segmentation, consultants attempt to subvert these restrictions in order to gain access to VoIP infrastructure, and potentially to restricted internal networks. DISD can also measure susceptibility of the VoIP deployment to denial-of-service and service degradation attacks. Fuzzing activities can be undertaken to test protocol and application robustness and fault tolerance. Unauthorized access to VoIP systems may be leveraged, for example, to manipulate or inject audio, eavesdrop on conversations and voicemail recordings, and imitate authorized users.
Activities involved in an IP telephony security assessment include, but are not limited to:
- Phone, messaging client, server, and infrastructure discovery
- Host, application, and service fingerprinting
- Operating System, application, and server vulnerability scanning
- Online password guessing
- Offline password cracking
- Authentication downgrade attacks
- Traffic capture and analysis
- Identification of encrypted traffic
- Client certificate validation tests
- Identification of security protections and requirements
- Signaling traffic redirection / spoofing
- Media traffic hijacking, and man-in-the-middle attacks
- Fake infrastructure attacks against clients
- VoIP VLAN hopping / network segmentation bypass attempts
- Authenticated access service use and abuse
- Administrative access testing
- (optional) Denial and degradation of service tests
- Protocol- and application-level fuzzing
- Conversation eavesdropping
- Audio manipulation and injection
DISD works with our customers to identify the goals of security assessments prior to testing, and is available to assist in remediation efforts upon request.